47 current 2025-10-07 20:17:37 25.05.20251001.5b5be50 6.12.49 *

2025-10-07 20:39:28 -05:00
parent 8eb387ffd6
commit 1c0f348a2f
2 changed files with 6 additions and 24 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,6 @@
 # flake for blakes nixos config
 # define new devices in outputs
-# generation: 46 current  2025-10-07 20:04:53  25.05.20251001.5b5be50  6.12.49                          *
+# generation: 47 current  2025-10-07 20:17:37  25.05.20251001.5b5be50  6.12.49                          *
 {
  description = "blakes nix config";
  inputs = {
--- a/modules/homelab/services/arr/prowlarr/default.nix
+++ b/modules/homelab/services/arr/prowlarr/default.nix
@@ -2,9 +2,8 @@
 let
  cfg = config.modules.services.prowlarr;
  ids = 2004;
  default_port = 9696;
-  data_dir = "/var/lib/prowlarr";
+  data_dir = "/var/lib/private/prowlarr";
 in
 {
  options.modules.services.prowlarr = {
@@ -26,20 +25,6 @@ in
  config = lib.mkIf cfg.enable {
    # declare prowlarr group
    users.groups.prowlarr = { gid = ids; };
    # declare prowlarr user
    users.users.prowlarr = {
      description = "prowlarr server user";
      uid = ids;
      isSystemUser = true;
      #home = "/var/lib/prowlarr";
      #createHome = true;
      group = "prowlarr";
      extraGroups = [ "media" ];
    };
    # enable the prowlarr service
    services.prowlarr = {
      enable = true;
@@ -49,18 +34,15 @@ in
      };
    };
    # override umask to make permissions work out
    systemd.services.prowlarr.serviceConfig = { UMask = lib.mkForce "0007"; };
 #    # open firewall
 #    networking.firewall.allowedTCPPorts = [ cfg.port ];
    # internal reverse proxy entry
    services.nginx.virtualHosts."prowlarr.snowbelle.lan" = {
-      enableACME = false;
+      enableACME = true;
-      forceSSL = true;
+      forceSSL = false;
-      sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
+      #sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
-      sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
+      #sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString cfg.port}";
      };